Understanding Ransomware: Its Categories and Lived Scenarios
Ransomware, a malicious type of software that encrypts data and files within an organization's IT environment or locks users out of their devices, has become a significant concern in the digital world. This article provides an overview of various ransomware variants, their methods, and the impact they have on organisations.
One of the most notorious ransomware variants is LockBit, which began attacks in September 2019 and operates an affiliate program known as Ransomware as a Service (RaaS). LockBit was updated to version 2.0 in June 2021 and was responsible for a data breach and ransomware infection at Accenture in August 2021.
In July 2021, the REvil ransomware group launched an attack on Kaseya, a Florida-based provider of a widely used remote monitoring and management solution. The attack impacted Kaseya, its customers, and companies that outsource IT management to Kaseya. Hackers demanded a staggering $70 million in payment.
Another infamous ransomware variant is Ryuk, which focuses on large organisations and demands over $1 million on average. It is one of the variants that took advantage of the switch to remote work during the COVID-19 pandemic.
Ransom demands in ransomware attacks can range from thousands to millions of dollars. Some ransomware variants encrypt the Master Boot Record (MBR), while others encrypt specific types of files. To maximise their chances of receiving a ransom payment, ransomware groups carefully research potential targets to determine how to infect them and the maximum ransom that they can demand.
Ransomware operators are increasingly supplementing their attacks with data theft or the threat of distributed denial of service (DDoS) attacks to increase their leverage and the probability of receiving a ransom payment. For instance, the Colonial Pipeline ransomware attack, believed to be the largest-ever attack on an American energy system, disrupted fuel supply across the East Coast for days until a $4.4 million ransom was paid.
The healthcare sector is particularly vulnerable to ransomware attacks, with potentially deadly consequences. In Germany, between 2024 and 2025, about two to three severe ransomware attacks were reported daily, with small and medium-sized enterprises (SMEs) being particularly affected. The most affected sectors include non-profit organizations and education, which together accounted for over 20% of attack traffic.
Other forms of ransomware also pose a threat. Scareware is designed to intimidate the target into taking some action. Screen-locking ransomware locks the screen, keyboard, and mouse on a computer, making it impossible to use.
Ransomware groups often operate under an "affiliate" model where a ransomware developer distributes their malware to affiliates who infect victims' machines with it, and profits are shared between the ransomware developer and the affiliates.
In 2020, 33% of cyberattacks on government agencies were ransomware, disrupting missions and public services and creating a national security risk. Schools are also fast becoming a leading target for ransomware attacks.
In conclusion, ransomware attacks have become more widespread due to their profitability, ease of execution, and the availability of malware kits and cross-platform interpreters. It is crucial for organisations to implement robust cybersecurity measures to protect against these threats and minimise the impact of an attack.